Skip to main content

Advertisement

Springer Nature Link
Log in

Role-Based Access Control Model for Cloud Storage Using Identity-Based Cryptosystem

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

As the security of cloud storage cannot be effectively guaranteed, many users are reluctant to upload their key data to the cloud for storage, which seriously hinders the development of cloud storage. Since ensuring the confidentiality of user data and avoiding unauthorized access is the key to solving the security problems of cloud storage, there has been much cryptographic research proposing the use of the combination of cryptography technologies and access control model to guarantee the data security on untrusted cloud providers. However, the vast majority of existing access control schemes for ciphertext in cloud storage do not support the dynamic update of access control policies, and the computational overhead is also very large. This is contrary to the needs of most practical applications, which leverage dynamic data and need low computation cost. To solve this problem, combined with identity-based cryptosystem (IBC) and role-based access control (RBAC) model, we propose an RBAC (In this paper we use RBAC1 model which is richer access control model)) scheme for ciphertext in cloud storage. We also give the formal definitions of our scheme, a detailed description of four tuple used to represent access control strategy, the hybrid encryption strategy and write-time re-encryption strategy, which are designed for improving the system efficiency. The detailed construction processes of our scheme which. Include system initialization, add and delete users, add and delete permissions, add and delete roles, add and delete role inheritance, assign and remove user, assign and remove permission, read and write file algorithm are also given. Finally, we analyze the scheme and prove that it is correct,

access control preserving (AC- preserving) and secure.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Liu Z, Chen X, Yang J et al (2016) New order preserving encryption model for outsourced databases in cloud environments. J Netw Comput Appl 59:198–207

    Article  Google Scholar 

  2. Xu J, Wei L, Zhang Y et al (2018) Dynamic fully Homomorphic encryption-based Merkle tree for lightweight streaming authenticated data structures. J Netw Comput Appl 107:113–124

    Article  Google Scholar 

  3. Liu Z, Huang Y et al (2018) DivORAM: towards a practical oblivious RAM with variable block size. Inf Sci 447:1–11

    Article  Google Scholar 

  4. Liu Z, Li B, Huang Y et al (2019) NewMCOS: towards a practical multi-cloud oblivious storage scheme. IEEE Trans Knowl Data Eng. https://doi.org/10.1109/TKDE.2019.2891581

  5. Yue X, Chen B, Wang X et al (2018) An efficient and secure anonymous authentication scheme for VANETs based on the framework of group signatures. IEEE Access 6:62584–62600

    Article  Google Scholar 

  6. Wang C, Chow S, Wang Q et al (2013) Privacy-preserving public auditing for secure cloud storage. IEEE Trans Comput 62(2):362–375

    Article  MathSciNet  Google Scholar 

  7. Jung Y, Chung M (2010) Adaptive security management model in the cloud computing environment. In: The 12th international conference on advanced communication technology (ICACT), Phoenix Park, South Korea, pp 1664–1669

    Google Scholar 

  8. Freudenthal E, Pesin T, Port L et al (2002) dRBAC: distributed role-based access control for dynamic coalition environments. In: The 22nd international conference on distributed computing systems (ICDCD), Vienna, Austria, pp 411–420

    Google Scholar 

  9. Choi C, Choi J, Kim P (2014) Ontology-based access control model for security policy reasoning in cloud computing. J Supercomput 67(3):711–722

    Article  Google Scholar 

  10. Chen D, Huang X, Ren X (2009) Access control of cloud service based on UCON. In: IEEE international conference on cloud computing (CloudCom), Beijing, China, pp 559–564

    Google Scholar 

  11. Krautsevich L, Lazouski A, Martinelli F et al (2010) Risk-aware usage decision making in highly dynamic systems. In: 5th international conference on internet monitoring and protection (ICIMP), Barcelona, Spain, pp 29–34

    Google Scholar 

  12. Sahai A, Waters B (2005) Fuzzy identity-based encryption. In: International conference on theory and applications of cryptographic techniques (EUROCRYPT), Aarhus, Denmark, pp 457–473

    Google Scholar 

  13. Goyal V, Pandey O, Sahai A et al (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the ACM conference on computer and communications security (CCS), Alexandria, Virginia, USA, pp 89–98

    Google Scholar 

  14. Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: Acm conference on computer and communications security (CCS), Alexandria, Virginia, USA, pp 195–203

    Google Scholar 

  15. Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: 2007 IEEE symposium on security and privacy (SP), Berkeley, CA, USA, pp 321–334

    Chapter  Google Scholar 

  16. Sun G, Yu D, Yun L (2011) CP-ABE based data access control for cloud storage. J Commun 32(7):146–152

    Google Scholar 

  17. Goyal V, Jain A, Pandey O et al (2008) Bounded Ciphertext policy attribute based encryption. In: The 35th international colloquium on automata, languages and programming, Reykjavik, Iceland, pp 579–591

    Chapter  Google Scholar 

  18. Jung T, Li X, Wan Z et al (2013) Privacy preserving cloud data access with multi-authorities. In: 2013 IEEE INFOCOM, Turin, Italy, pp 2625–2633

    Chapter  Google Scholar 

  19. Ruj S, Stojmenovic M, Nayak A (2012) Privacy preserving access control with authentication for securing data in clouds. In: 12th IEEE/ACM international symposium on cluster, cloud and grid computing (CCGRID), Ottawa, ON, Canada, pp 556–563

    Google Scholar 

  20. Yu S, Wang C, Ren K et al (2010) Achieving secure, scalable, and fine-grained data access control in cloud computing. In: 2010 IEEE INFOCOM, San Diego, CA, USA, pp 1–9

    Google Scholar 

  21. Hur J, Dong K (2011) Attribute-based access control with efficient revocation in data outsourcing systems. IEEE Trans Parallel Distrib Syst 22(7):1214–1221

    Article  Google Scholar 

  22. Chen D, Shao J, Fan X et al (2014) MAH-ABE based privacy access control in cloud computing. Acta Electron Sin 42(4):821–827

    Google Scholar 

  23. Garrison W, Shull A, Myers S et al (2016) On the practicality of cryptographically enforcing dynamic access control policies in the cloud. In: 2016 IEEE symposium on security and privacy (SP), San Jose, CA, USA, pp 819–838

    Chapter  Google Scholar 

  24. Hinrichs T, Martinoia D, Garrison W et al (2013) Application-sensitive access control evaluation using parameterized expressiveness. In: IEEE 26th computer security foundations symposium, New Orleans, LA, USA, pp 145–160

    Google Scholar 

  25. Ene A, Horne W, Milosavljevic N et al (2008) Fast exact and heuristic methods for role minimization problems. In: The 13th ACM symposium on access control models and technologies (SACMAT), Estes Park, CO, USA, pp 1–10

    Google Scholar 

Download references

Acknowledgements

This work is supported, in part, by the National Natural Science Foundation of China under grant No. 61872069, in part, by the Fundamental Research Funds for the Central Universities (N171704005), in part, by the Shenyang Science and Technology Plan Projects (18-013-0-01).

Author information

Authors and Affiliations

  1. Software College, Northeastern University, Shenyang, 110169, China

    Jian Xu, Yanbo Yu, Qingyu Meng, Qiyu Wu & Fucai Zhou

Authors
  1. Jian Xu
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Yanbo Yu
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Qingyu Meng
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Qiyu Wu
    View author publications

    You can also search for this author inPubMed Google Scholar

  5. Fucai Zhou
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Jian Xu.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Xu, J., Yu, Y., Meng, Q. et al. Role-Based Access Control Model for Cloud Storage Using Identity-Based Cryptosystem. Mobile Netw Appl 26, 1475–1492 (2021). https://doi.org/10.1007/s11036-019-01484-4

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-019-01484-4

Keywords